Agent Team Orchestration 1
PassAudited by ClawScan on May 10, 2026.
Overview
This is an instruction-only multi-agent workflow guide with no code or credentials, but it describes shared workspaces, agent messaging/spawning, scheduled tasks, and a minor metadata mismatch worth verifying.
This skill appears safe as an instruction-only playbook. Before using it, verify the publisher because of the metadata mismatch, then define clear limits for spawned or scheduled agents, keep sensitive data out of shared folders, restrict edits to persistent instructions like SOUL.md, and require human approval for high-impact tasks.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The publisher identity and package lineage are less clear than ideal.
The embedded metadata differs from the registry metadata supplied for review, which lists owner ID kn7ahjkvm4k6kfc2tkfrhen4px82a35s and slug agent-team-orchestration-1. This is a provenance/packaging inconsistency, though no executable code is present.
"ownerId": "kn77yy30hx6jk3x3j2dwc9tj3d808mp4", "slug": "agent-team-orchestration"
Verify the publisher/source before relying on the skill, especially if future versions add code, install steps, or credentials.
Information placed in shared directories or agent workspaces may be visible to more agents than expected.
The recommended access model gives the orchestrator broad visibility and allows all agents to read shared directories. This is expected for orchestration but expands the trust boundary.
Agents can read any shared directory - Orchestrator can read all workspaces for oversight
Keep secrets and unrelated private data out of shared workspaces, and define least-privilege access rules for each agent role.
Incorrect or tampered shared instructions could steer future agents in the wrong direction.
SOUL.md files and shared decision/spec/artifact directories are persistent context that later agents may trust. This is central to the skill, but stale or unauthorized edits could influence future tasks.
Each agent gets a SOUL.md that defines: 1. **Role and scope** 2. **Communication style** 3. **Boundaries** 4. **Team context**
Restrict who can edit persistent agent instructions and shared decision files, and review them when behavior changes unexpectedly.
Messages or artifacts sent to the wrong session or shared path could expose context or disrupt another agent’s work.
The skill describes direct inter-agent messaging and shared-file coordination. It also provides usage boundaries, so this is a purpose-aligned note rather than a concern.
sessions_send (Sync — Urgent) Direct message to a running agent session. Interrupts their current work.
Verify target sessions and artifact paths before sending, and prefer shared files for auditable handoffs as the skill recommends.
If implemented without limits, scheduled agent dispatch could consume resources or start work without enough human review.
The playbook includes optional scheduled operations that can assign work and spawn agents. This is disclosed and aligned with sustained orchestration, but it should be deliberately configured.
Task Dispatch Schedule: Every few hours (or on trigger) Agent: Orchestrator 1. Check inbox for new tasks 2. Prioritize by urgency/importance 3. Match to available agents (check capabilities) 4. Assign and spawn
Use explicit schedules, concurrency limits, logging, approval thresholds for high-impact tasks, and a clear way to pause or stop scheduled agents.